Quick Links

Re: getuid() vs geteuid()

From:	Simon Riggs <simon(at)2ndquadrant(dot)com>
To:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc:	pgsql-hackers(at)postgresql(dot)org
Subject:	Re: getuid() vs geteuid()
Date:	2005-01-08 21:55:14
Message-ID:	1105221314.3803.61.camel@localhost.localdomain
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Sat, 2005-01-08 at 12:44 -0500, Tom Lane wrote:
> I notice that several uses of getuid() have snuck into the code, mostly
> in relatively-recently-added SSL code. I assert that these all are
> wrong and should be checking geteuid(). Is anyone going to complain
> that we need an RC5 to change this?

No, but increased security is only possible via increased transparency.

We should explain clearly any such change made in the name of security,
then document it in Developer's FAQ to make sure such problems do not
recur.

--
Best Regards, Simon Riggs

In response to

getuid() vs geteuid() at 2005-01-08 17:44:18 from Tom Lane

Responses

Re: getuid() vs geteuid() at 2005-01-08 22:20:53 from Tom Lane

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Tom Lane	2005-01-08 22:20:53	Re: getuid() vs geteuid()
Previous Message	Tony Caduto	2005-01-08 18:02:24	Re: Delphi+pqsql